bbende commented on PR #6984: URL: https://github.com/apache/nifi/pull/6984#issuecomment-1440386873
Hi @nandorsoma , I don't think this is correct to add this to the `KerberosKeytabUserService` because the service is protected by restricted permissions, so if someone wants to protect access to the keytab they can decide who gets access to the service through the restricted permissions. You can see that the original `KeytabCredentialsService` also does not check for `NIFI_ALLOW_EXPLICIT_KEYTAB`. The case where we need to check the explicit usage of keytabs is when it is directly in a processor property because then there is no separation between the processor and the keytab. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@nifi.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
